Communication apparatus, method of controlling the same, program, and printing apparatus

ABSTRACT

A communication apparatus determines whether or not a security function relating to communication of the communication apparatus is set when the information processing apparatus performs direct wireless communication; and controls to prohibit or permit wireless communication with the information processing apparatus in accordance with the determination result.

TECHNICAL FIELD

The present invention relates to a communication apparatus, a method ofcontrolling the same, a program and a printing apparatus.

BACKGROUND ART

In communication apparatuses such as printing apparatuses, PCs, mobileterminals, and the like, it is possible to perform communication with anexternal apparatus via an access point by connecting to an access pointas a client through a wireless LAN function. Also, a standard calledWi-Fi Direct (registered trademark) was established by The Wi-FiAlliance. In Wi-Fi Direct, a protocol is defined for determining whethera communication apparatus, such as a printing apparatus or a PC, willoperate as an access point or a client. By executing this protocol, thecommunication apparatus that becomes the access point, and thecommunication apparatus that becomes the client can be decidedautomatically. By using Wi-Fi Direct, it becomes unnecessary to preparean access point separately, and it is possible to execute directwireless communication between information processing apparatuses. InJapanese Patent Laid-Open No. 2012-199884, transmitting and receivingaudio data, photograph data and the like using Wi-Fi Direct isdisclosed.

However, there is a problem with the above described conventionaltechnique as recited below. Printing apparatuses (communicationapparatus) have come to have various security functions. As an example,there is a function called IP filter. IP filter is a function forrestricting, by IP address, terminals for which wireless/wired access toa printing apparatus is permitted, and it is capable of preventingaccess by unauthorized terminals. Also, there is a function called MACfilter for restricting access by MAC address rather than IP address. Auser maintains security for a network environment, which includes aprinting apparatus, on the whole using various security functions thatthe printing apparatus has.

In cases where the user is using the above described security functionsof the printing apparatus, there is the possibility that the user cannotmaintain the security of the printing apparatus when an unspecified userconnects and uses a mobile terminal and a printing apparatus by Wi-FiDirect. For example, in the process of a Wi-Fi Direct connection, asdescribed above, there are cases where an IP address is assignedautomatically by DHCP to the mobile terminal. For this reason, even ifterminals that are able to access are restricted by enabling IP filteron the printing apparatus, in cases where a permitted IP address isassigned to the mobile terminal, printing by a mobile terminal that wasnot intended to be permitted will be permitted. Conversely, even incases where it is desired that Wi-Fi Direct usage be permitted, itcannot be used because access from mobile terminals is restricted by thesecurity functions, and so there is a problem in that convenience isimpaired.

SUMMARY OF INVENTION

The present invention enables realization of an arrangement forcontrolling suitably the security of a printing apparatus and the usageof wireless communication in cases where an information processingapparatus and a printing apparatus perform direct wirelesscommunication.

One aspect of the present invention provides a communication apparatusoperable to perform direct wireless communication with an informationprocessing apparatus, the apparatus comprising: determination means fordetermining whether or not a security function relating to communicationof the communication apparatus is set when the information processingapparatus performs the direct wireless communication; and control meansfor controlling, in accordance with a determination result of thedetermination means, whether to permit or to prohibit wirelesscommunication with the information processing apparatus.

Another aspect of the present invention provides a communicationapparatus, comprising: setting means for setting an IP filter to use incommunication with an external apparatus; and communication mans forexecuting wireless communication for which a connection is establishedby distributing an IP address to an external apparatus, wherein in acase where the communication means executes the wireless communication,the communication apparatus does not use the IP filter set by thesetting means.

Still another aspect of the present invention provides a method ofcontrolling a communication apparatus operable to perform directwireless communication with an information processing apparatus, themethod comprising: determining whether or not a security functionrelating to communication of the communication apparatus is set when theinformation processing apparatus performs direct wireless communication;and controlling, in accordance with a determination result of thedetermination, whether to permit or to prohibit wireless communicationwith the information processing apparatus.

Yet still another aspect of the present invention provides a method ofcontrolling a communication apparatus, the method comprising: setting anIP filter to use in communication with an external apparatus; andexecuting wireless communication for which a connection is establishedby distributing an IP address to an external apparatus, wherein in acase where the wireless communication is executed, the set IP filter isnot used.

Still yet another aspect of the present invention provides a program forcausing a computer to execute each step of the method of controlling acommunication apparatus.

Further features of the present invention will be apparent from thefollowing description of exemplary embodiments with reference to theattached drawings.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a view for illustrating a Wi-Fi Direct processing sequence.

FIG. 2 is a view for illustrating a hardware configuration of a printingapparatus 200.

FIG. 3 is a view for illustrating a hardware configuration of a mobileterminal 300.

FIG. 4 is a view for illustrating a security setting screen displayed ona operation panel 211.

FIG. 5 is a view for illustrating an IP filter setting screen displayedon a operation panel 211.

FIG. 6 is a view for illustrating a Wi-Fi Direct security setting screendisplayed on a operation panel 211.

FIG. 7 is a sequence diagram for showing processing executed between aprinting apparatus 200 and a mobile terminal 300.

FIG. 8 is a view for illustrating a screen displayed on a operationpanel 211.

FIG. 9 is a view for illustrating a Wi-Fi Direct connection instructionscreen displayed on a operation panel 211.

FIG. 10 is a flowchart for showing processing for determining a displaystate of an icon 802.

FIG. 11 is a view for illustrating a Wi-Fi Direct security settingscreen displayed on a operation panel 211.

FIG. 12 is a flowchart for showing processing for determining a displaystate of an icon 802.

FIG. 13 is a flowchart for showing processing is executed when theprinting apparatus 200 receives a wireless communication initiationinstruction.

FIG. 14 is a view for illustrating a screen displayed on a operationpanel 211.

FIG. 15 is a view for illustrating a screen displayed on a operationpanel 211.

DESCRIPTION OF EMBODIMENTS

Embodiments of the present invention will now be described in detailwith reference to the drawings. It should be noted that the relativearrangement of the components, the numerical expressions and numericalvalues set forth in these embodiments do not limit the scope of thepresent invention unless it is specifically stated otherwise.

<Wi-Fi Direct>

Firstly, explanation will be given for a Wi-Fi Direct processingsequence with reference to FIG. 1. A printing apparatus and a mobileterminal are examples of an information processing apparatus or acommunication apparatus that each support Wi-Fi Direct.

Firstly, in step S101, the printing apparatus and the mobile terminaleach perform a device search in order to identify a communicationpartner. When a communication partner is identified by the devicesearch, it is determined, in step S102, which will be the access point(GroupOwner) and which will be the Client (Client). The processing ofstep S102 is referred to as role determination. In FIG. 1, the result ofthe role determination of step S102 is that the printing apparatusbecomes the GroupOwner, and the mobile terminal becomes the Client.

Next, in step S103, using WPS (Wi-Fi Protected Setup), which wasestablished by The Wi-Fi Alliance, parameters for making a connectionfrom the printing apparatus, which is the GroupOwner, to the mobileterminal, which is the Client, are provided. With this, the parametersare shared between the printing apparatus and the mobile terminal.Continuing on, in step S104, a secure connection is made using theparameters.

When the secure connection is completed, in step S105, addressing isperformed in order to perform IP communication between the printingapparatus and the mobile terminal. Here, the printing apparatus, whichis the GroupOwner, operates as a DHCP server, and grants an IP addressto the mobile terminal, which is the Client.

By performing the above processing, wireless communication between theprinting apparatus and the mobile terminal can be established. By usingwireless communication, direct communication between the printingapparatus and the mobile terminal without preparing a separate accesspoint becomes possible.

First Embodiment

Below, explanation will be given for a first embodiment of the presentinvention with reference to the drawings. The present embodimentprioritizes settings of a security function pertaining to communicationof the printing apparatus (communication apparatus), and prohibits usageof Wi-Fi Direct in cases where predetermined settings pertaining to thesecurity function are set.

<Configuration of the Printing Apparatus>

Next, explanation will be given for a hardware configuration of aprinting apparatus 200 with reference to FIG. 2. The printing apparatus200 is an example of an information processing apparatus or acommunication apparatus capable of performing wireless communicationwith an external apparatus (for instance, a mobile terminal, a PC, orthe like). In this embodiment, explanation is given having the printingapparatus 200 be a multi function peripheral, but a printer not providedwith a scanner but having a communication function with an externalapparatus may be used. Alternatively, a scanner not provided with aprinter, but having a communication function with an external apparatusmay be used. In other words, it is possible to adapt the presentinvention to a communication apparatus having a communication functionwith an external apparatus.

The printing apparatus 200 is provided with a control unit 201, aprinter 207, a scanner 209 and a operation panel 211. The control unit201 is provided with a CPU 202, a RAM 203, a ROM 204, an HDD 205, aprinter I/F 206, a scanner I/F 208, a operation panel I/F 210, awireless LAN I/F 212 and a wired LAN I/F 213.

The control unit 201, which includes the CPU 202, controls overalloperations of the printing apparatus 200. The CPU 202 reads out acontrol program stored in the ROM 204 into the RAM 203, and performsvarious control such as communication control. The RAM 203 is a mainmemory of the CPU 202, and is used as a temporary region such as a workarea. The HDD 205 stores data, various programs, or various informationtables.

The printer I/F 206 connects the printer 207 (printing engine) and thecontrol unit 201. The printer 207 performs a printing process on a sheetpaper-fed from a paper feed cassette (not shown) based on print datainput via the printer I/F 206. The scanner I/F 208 connects the scanner209 and the control unit 201. The scanner 209 generates image data byscanning a stacked original and outputs. Image data output from thescanner 209 is printed by the printer 207, stored in the HDD 205, andtransmitted to an external apparatus via the wireless LAN I/F 212, thewired LAN I/F 213, or the like.

The operation panel I/F 210 connects the operation panel 211 and acontrol unit 201. The operation panel 211 is provided with a liquidcrystal display unit having a touch panel function, a keyboard, variousfunction keys, or the like. A user confirms a screen displayed on theoperation panel 211, and is capable of inputting various instructions tothe printing apparatus 200 using the touch panel.

The wireless LAN I/F 212 executes wireless communication with anexternal apparatus such as a mobile terminal, a PC, or the like. By thiswireless communication, the printing apparatus 200 receives print datafrom an external apparatus, and the printer 207 performs a printingprocess based on the received print data. Also, image data that thescanner 209 generates may be transmitted to an external apparatus viathe wireless LAN I/F 212. The wired LAN I/F 213 is connected to a LANcable (not shown), and is capable of performing communication with anexternal apparatus.

Note, the printing apparatus 200 is something that executes theprocessing shown in the later explained flowcharts using a single CPU202, and a single memory (RAM 203), but other embodiments may be taken.For instance, configuration may be taken such that the processing shownin later explained flowcharts is executed by coordinating a plurality ofCPUs and a plurality of memories.

<Configuration of the Mobile Terminal>

Next, explanation will be given for a hardware configuration of themobile terminal 300 with reference to FIG. 3. The mobile terminal 300,similarly to the printing apparatus 200, is an example of an informationprocessing apparatus capable of performing wireless communication. Themobile terminal 300 is an apparatus such as a smart phone, a mobiletelephone, a tablet, a digital camera, or the like, for example.

The mobile terminal 300 is provided with a CPU 301, a RAM 302, a ROM303, an HDD 304, an operation unit 305, and a wireless LAN I/F 306. TheCPU 301 reads out a control program stored in the ROM 303 into the RAM302, and controls overall operations of the mobile terminal 300. The RAM302 is a main memory of the CPU 301, and is used as a temporary regionsuch as a work area. The HDD 304 stores data, various programs, orvarious information tables.

The operation unit 305 is constituted by a liquid crystal display unithaving a touch panel function, hard keys, or the like. A user confirms ascreen displayed on the operation unit 305, and is capable of inputtingvarious instructions to the printing apparatus 200 using the touchpanel. The wireless LAN I/F 306 performs wireless communication with anexternal apparatus such as the printing apparatus 200. The wireless LANI/F 306 is capable of transmitting to the printing apparatus 200 imagedata, as print data, stored in a memory such as the HDD 304, forinstance.

Note, the mobile terminal 300 is something that executes the processingshown in later explained flowcharts using a single CPU 301, and a singlememory (RAM 302), but other embodiments may be taken. For instance,configuration may be taken such that the processing shown in laterexplained flowcharts is executed by coordinating a plurality of CPUs anda plurality of memories.

<Operation Screens>

Next, explanation will be given for operation screens displayed on theoperation panel 211 of the printing apparatus 200, with reference toFIG. 4-FIG. 6. An operation screen 400 shown in FIG. 4 is a screen onwhich a user performs security setting of the printing apparatus 200. Onthe operation screen 400 are included icons 401-403. The icon 401, theicon 402, and the icon 403 are setting icons for IP filter, MAC filter,and Wi-Fi Direct, respectively. In the operation screen 400, the icons401-403 of the security functions usable on the printing apparatus 200are displayed, and the user, by pressing the icons, may set therespective functions.

In the operation screen 400, when the user selects the icon 401,transition is made to an operation screen 500 shown in FIG. 5, and an IPfilter setting screen is displayed. An icon 501 sets whether or not IPfilter is used. In cases where the icon 501 is ON, IP filter is enabled,and access from IP addresses registered in reject addresses 502 isrejected. For the reject addresses, it is possible to register multipleIP addresses by selecting an icon 503.

When the user selects the icon 403 from the screen of FIG. 4, transitionis made to a operation screen 600 of FIG. 6, and a Wi-Fi Direct securitysetting screen is displayed. An icon 601 sets whether to permit or toprohibit a Wi-Fi Direct connection.

<Wireless Connection Processing>

Next, explanation will be given for wireless connection processing of aprinting system according to the embodiment with reference to FIG. 7. Inthis embodiment, the printing apparatus 200 and the mobile terminal 300execute Wi-Fi Direct wireless communication as explained with FIG. 1.When a user makes an instruction for execution initiation of Wi-FiDirect on each of the printing apparatus 200 and the mobile terminal300, the printing apparatus 200 and the mobile terminal 300 respectivelyexecute a device search as shown in step S701. By the device search theprinting apparatus 200 and the mobile terminal 300 are able to identifyeach other as a communication partner. Note, in step S701 the processingexplained in step S101 of FIG. 1 is executed.

In this embodiment, a user makes an instruction for execution initiationof Wi-Fi Direct through a screen displayed on the printing apparatus 200or the mobile terminal 300. An operation screen 800 of FIG. 8 is ascreen displayed on the operation panel 211 of the printing apparatus200, and it is a basic operation window for a user to select a functionto use from out of a plurality of functions that the printing apparatus200 provides. A user can use a wireless function of the printingapparatus 200 by the user selecting an icon 801.

When a user selects the icon 801, an operation screen 810 or anoperation screen 820 is displayed on the operation panel. In theoperation screens 810 and 820 various settings pertaining to wirelesscommunication settings are possible. As will be explained later, thereare cases where an icon 802 is displayed normally as in the operationscreen 810, and displayed grayed out as in the operation screen 820, andwhen a user selects the icon 802 in cases where it is displayednormally, a screen 900 of FIG. 9 is displayed on the operation panel211. Then, by the user selecting an icon 901, wireless communication(Wi-Fi Direct) execution initiation is instructed. Note, in theoperation unit 305 of the mobile terminal 300 the same screen isdisplayed as in FIG. 9, and the user is able to instruct wirelesscommunication (Wi-Fi Direct) execution initiation.

When the printing apparatus 200 and the mobile terminal 300 identifyeach other as a communication partner with the device search of stepS701, a wireless connection as shown in step S702 is executed. With thewireless connection of step S702 wireless communication between theprinting apparatus 200 and the mobile terminal 300 is established. Note,in step S702, the processing explained in steps S102-S105 of FIG. 1 isexecuted.

More specifically, it is first determined which of the printingapparatus 200 and the mobile terminal 300 will be the access point(GroupOwner) and which will be the Client (Client). Continuing on,parameters are shared between the printing apparatus 200 and the mobileterminal 300 using WPS, and a secure connection is performed using theseparameters. When the secure connection is completed, addressing isperformed in order to perform IP communication between the printingapparatus 200 and the mobile terminal 300. Here, the apparatus, which isthe GroupOwner, grants an IP address to the apparatus which is theClient. By executing this wireless connection, wireless communicationbetween the printing apparatus 200 and the mobile terminal 300 isestablished.

Whether the icon 802 is displayed normally or displayed grayed out isdetermined by the flowchart of FIG. 10. The steps shown in the flowchartof FIG. 10 are processed by the CPU 202 loading into the RAM 203 andexecuting a program stored in a memory such as the ROM 204.

In step S1001, the CPU 202 determines whether or not usage of Wi-FiDirect is permitted. Here the determination is performed based on thesetting value set with the icon 601 of FIG. 6. If permitted, theprocessing proceeds to step S1002, and the CPU 202 determines whether ornot each security setting is enabled. In cases where, according to thedetermination result, the security settings are all disabled, theprocessing proceeds to step S1003, and the CPU 202 determines to displaythe icon 802 normally.

On the other hand, in cases where, in step S1001, Wi-Fi Direct is notpermitted, or in cases where any of the security settings in step S1002are enabled, the processing proceeds to step S1004, and the CPU 202determines to display the icon 802 grayed out. In other words, the CPU202 displays the icon 802 grayed out, and by making it unselectable,prohibits Wi-Fi Direct with an external apparatus.

As explained above, by virtue of the present embodiment, the printingapparatus 200 prohibits Wi-Fi Direct with the mobile terminal 300 incases where any of the security settings that the printing apparatus 200has are enabled. Accordingly, security set for the printing apparatus200 is maintained, and unauthorized access can be prevented.

<Variation>

Note, the present invention is not limited to the above describedembodiment, and various variations are possible. For instance, in theabove described embodiment, configuration is taken in which, in caseswhere a predetermined security setting is enabled in the printingapparatus 200, usage of Wi-Fi Direct is prohibited. However,configuration may be taken in which usage of Wi-Fi Direct isprioritized. In such a case, in step S1002 of FIG. 10, in cases where asecurity setting is enabled, the security setting is temporarily changedto be disabled, and transition is made to the processing of step S1003.Here, current security settings are stored in a memory such as the RAM203. After that, when the usage of Wi-Fi Direct completes, byreferencing the information stored in the memory, the security settingthat was temporarily disabled is re-enabled.

Second Embodiment

Next explanation will be given for a second embodiment of the presentinvention. The above described first embodiment is explained as aconfiguration in which, in cases where a security setting of theprinting apparatus 200 is enabled, a Wi-Fi Direct connection between theprinting apparatus 200 and an external apparatus is not allowed to beperformed. However, in the above described first embodiment, it is notpossible to do such as thing as permit Wi-Fi Direct temporarily in placeof being able to firmly maintain security. Also, in the variation in theabove described first embodiment, while the usage of Wi-Fi Direct can beperformed flexibly, compared to the above described first embodiment,security is vulnerable. In this embodiment, configuration is taken suchthat an administrator, or the like is able to set whether to prioritizesecurity or Wi-Fi Direct usage. Note, because the configurations of theprinting apparatus 200 and the mobile terminal 300, and the wirelessconnection processing sequence of the printing system are similarconfigurations to those of the above described the first embodiment,explanation is omitted.

Firstly, explanation will be given for a setting screen 1100 displayedon the operation panel 211 of the printing apparatus 200 in the presentembodiment with reference to FIG. 11. The setting screen 1100 is a Wi-FiDirect security setting screen displayed in cases where a user selectsthe icon 403 on the operation screen 400 of FIG. 4. An icon 1101 setswhether to permit or to prohibit a Wi-Fi Direct connection. An icon 1102sets whether or not to prioritize security, and when the usage of Wi-FiDirect is permitted in cases where it is OFF, even if security settingsare made, the security settings are temporarily disabled, and it ispossible to use Wi-Fi Direct. On the other hand, in cases where it isON, similarly to the above described first embodiment, if securitysettings are enabled, usage of Wi-Fi Direct is prohibited.

Note, performing display control in consideration of a relationshipbetween the above described icon 1101 and icon 1102 is advantageous. Forinstance, when a user sets permit Wi-Fi Direct usage with the icon 1101,control may be taken such that setting of the icon 1102 becomesselectable. In such cases, display control may be performed so that theicon 1102 is displayed to be unselectable, or displayed grayed out, ornot displayed, until the user sets permit Wi-Fi Direct usage with theicon 1101.

When the user selects an icon 801 on the operation screen 800, theoperation screen 810 or the operation screen 820 is displayed, andwhether the icon 802 is displayed normally or displayed grayed out isdetermined by the flowchart of FIG. 12.

The steps shown in the flowchart of FIG. 12 are processed by the CPU 202loading into the RAM 203 and executing a program stored in a memory suchas the ROM 204.

In step S1201, the CPU 202 determines whether or not the usage of Wi-FiDirect is permitted. Here, determination is performed based on a settingvalue set with the icon 1101 of FIG. 11. In cases where it is permitted,the processing proceeds to step S1202, and the CPU 202 determines todisplay normally the icon 802. In step S1201, in cases where it is notpermitted, the processing proceeds to step S1203, and the CPU 202determines to display the icon 802 grayed out.

When the user selects the icon 802 in cases where the icon 802 isdisplayed normally, the screen 900 of FIG. 9 is displayed on theoperation panel 211. Then, when wireless communication (Wi-Fi Direct)execution initiation is instructed by the user selecting the icon 901 onthe screen 900, the printing apparatus 200 executes the processing ofFIG. 13.

FIG. 13 is a flowchart for showing processing executed when the printingapparatus 200 receives a wireless communication initiation instruction.The steps shown in the flowchart of FIG. 13 are processed by the CPU 202loading into the RAM 203 and executing a program stored in a memory suchas the ROM 204.

When the user makes an instruction for wireless communication initiationin the printing apparatus 200, the CPU 202, in step S1301, determineswhether or not any of the security settings of the printing apparatus200 are enabled. In cases where any of the security settings areenabled, the processing proceeds to step S1302, the CPU 202 determineswhether or not a security prioritizing setting set with the icon 1102 isON. In cases where the security prioritizing setting is ON, a screensuch as that in FIG. 14 is displayed, and the processing completes. Ascreen 1400 is a notification screen for notifying the user that usageof Wi-Fi Direct will be stopped because security settings are set.

Meanwhile, in cases where a security prioritizing setting is OFF, theprocessing proceeds to step S1303, and the CPU 202 displays a screensuch as that of FIG. 15 on the operation panel 211. A screen 1500 is ascreen for querying an operator as to whether or not to temporarilydisable security settings in order to use Wi-Fi Direct. In the screen1500, when a user selects an icon 1501, a continue instruction isperformed, and when an icon 1502 is selected, a cancel instruction isperformed.

In step S1304, the CPU 202 determines the user instruction content viathe screen 1500, and the processing completes in cases where there is acancel instruction. Meanwhile, in cases where there is a continueinstruction, the processing proceeds to step S1305, and the CPU 202disables each security function temporarily. Here, current securitysettings are stored in a memory such as the RAM 203. With this, it ispossible to restore security settings when later the Wi-Fi Directconnection ends. After this, in step S1306, the CPU 202 performs theprocessing explained in steps S701-S702 of FIG. 7, and establishes awireless connection. Also, in step S1301, in cases where the securitysettings are all disabled, the processing proceeds to step S1306, and awireless connection is established.

As explained above, by virtue of the present embodiment, when Wi-FiDirect is used, an operator, or the like, is able to switch whether ornot to prioritize security settings of the printing apparatus 200. Incases where security settings are prioritized, the usage of Wi-Fi Directis prohibited, and in a case where the usage of Wi-Fi Direct isprioritized, if security settings are set, the security settings aretemporarily disabled, and it becomes possible to use the Wi-Fi Directfunction. With this, in the present embodiment, it is possible tocontrol by determining a priority of the security of the printingapparatus and user convenience, in cases where a mobile terminal and aprinting apparatus perform direct wireless communication.

Other Embodiments

In the above described embodiment, explanation was given with IP filteras an example of a security function that the printing apparatus 200has, but the security function is not limited to IP filter. For example,it is possible to apply the present invention for various securityfunctions that the printing apparatus 200 has, such as a MAC filter,IEEE 802. 1X, IPsec, or the like. Also, in the above describedembodiment, explanation was given for the printing apparatus 200 and themobile terminal 300 executing Wi-Fi Direct as the wirelesscommunication, but the wireless communication is not limited to Wi-FiDirect. It is possible to apply the present invention if the wirelesscommunication is such that a plurality of communication apparatuses areable to perform direct communication, such as with Wi-Fi Direct.

Embodiments of the present invention can also be realized by a computerof a system or apparatus that reads out and executes computer executableinstructions recorded on a storage medium (e.g., non-transitorycomputer-readable storage medium) to perform the functions of one ormore of the above-described embodiment(s) of the present invention, andby a method performed by the computer of the system or apparatus by, forexample, reading out and executing the computer executable instructionsfrom the storage medium to perform the functions of one or more of theabove-described embodiment(s). The computer may comprise one or more ofa central processing unit (CPU), micro processing unit (MPU), or othercircuitry, and may include a network of separate computers or separatecomputer processors. The computer executable instructions may beprovided to the computer, for example, from a network or the storagemedium. The storage medium may include, for example, one or more of ahard disk, a random-access memory (RAM), a read only memory (ROM), astorage of distributed computing systems, an optical disk (such as acompact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)™),a flash memory device, a memory card, and the like.

With the present invention, in cases where an information processingapparatus and a communication apparatus perform direct wirelesscommunication, an arrangement for controlling suitably the security ofthe communication apparatus and the usage of the wireless communicationcan be provided.

While the present invention has been described with reference toexemplary embodiments, it is to be understood that the invention is notlimited to the disclosed exemplary embodiments. The scope of thefollowing claims is to be accorded the broadest interpretation so as toencompass all such modifications and equivalent structures andfunctions.

This application claims the benefit of Japanese Patent Application No.2013-054144 filed on March 15, 2013, which is hereby incorporated byreference herein in its entirety.

1. A communication apparatus operable to perform direct wireless communication with an information processing apparatus, the apparatus comprising: a determination unit configured to determine whether or not a security function relating to communication of the communication apparatus is set when the information processing apparatus performs the direct wireless communication; and a control unit configured to control, in accordance with a determination result of the determination unit, whether to permit or to prohibit wireless communication with the information processing apparatus.
 2. The communication apparatus according to claim 1, wherein the control unit prohibits wireless communication with the information processing apparatus when the determination unit has determined that the security function is set, and permits wireless communication with the information processing apparatus when the determination unit has determined that the security function is not set.
 3. The communication apparatus according to claim 1, wherein the control unit permits wireless communication with the information processing apparatus by temporarily disabling the security function, when the determination unit has determined that the security function is set, and permits wireless communication with the information processing apparatus when the determination unit has determined that the security function is not set.
 4. The communication apparatus according to claim 1, further comprising a setting unit configured to set whether or not to prioritize the security function, wherein the control unit, in a case where prioritizing the security function is set by the setting unit, prohibits wireless communication with the information processing apparatus when the determination unit has determined that the security function is set, and permits wireless communication with the information processing apparatus when the determination unit has determined that the security function is not set, and, in a case where prioritizing the security function is not set by the setting unit, permits wireless communication with the information processing apparatus by temporarily disabling the security function, when the determination unit has determined that the security function is set, and permits wireless communication with the information processing apparatus when the determination unit has determined that the security function is not set
 5. The communication apparatus according to claim 3, wherein the control unit, re-enables the security function when the wireless communication completes after permitting wireless communication with the information processing apparatus by temporarily invalidating the security function.
 6. The communication apparatus according to claim 5, wherein the control unit stores a current security function setting in a memory when temporarily disabling the security function, and references the setting stored in the memory when re-enabling the security function.
 7. The communication apparatus according to claim 2, wherein the control unit, in a case of temporarily disabling the security function, performs a confirmation for an operator.
 8. The communication apparatus according to claim 2, wherein the control unit in a case of prohibiting wireless communication with the information processing apparatus, notifies an operator that wireless communication with the information processing apparatus will be stopped due to the security function being set.
 9. The communication apparatus according to claim 1, wherein settings of the security function are settings relating to an IP filter, a MAC filter, IEEE
 802. 1X or an IPsec.
 10. The communication apparatus according to claim 1, wherein the wireless communication with the information processing apparatus is a Wi-Fi Direct.
 11. A communication apparatus, comprising: a setting unit configured to set an IP filter to use in communication with an external apparatus; and a communication unit configured to executing wireless communication for which a connection is established by distributing an IP address to an external apparatus, wherein in a case where the communication unit executes the wireless communication, the communication apparatus does not use the IP filter set by the setting unit.
 12. The communication apparatus according to claim 11, wherein the setting unit sets the IP filter based on an instruction of a user.
 13. The communication apparatus according to claim 11, wherein the communication unit executes wireless communication by disabling the IP filter.
 14. The communication apparatus according to claim 11, wherein the wireless communication is Wi-Fi Direct.
 15. A method of controlling a communication apparatus operable to perform direct wireless communication with an information processing apparatus, the method comprising: determining whether or not a security function relating to communication of the communication apparatus is set when the information processing apparatus performs direct wireless communication; and controlling, in accordance with a determination result of the determination, whether to permit or to prohibit wireless communication with the information processing apparatus.
 16. A non-transitory computer-readable storage medium storing a program for causing a computer to execute each step of the method of controlling a communication apparatus operable to perform direct wireless communication with an information processing apparatus, the method comprising: determining whether or not a security function relating to communication of the communication apparatus is set when the information processing apparatus performs direct wireless communication; and controlling, in accordance with a determination result of the determination, whether to permit or to prohibit wireless communication with the information processing apparatus.
 17. A method of controlling a communication apparatus, the method comprising: setting an IP filter to use in communication with an external apparatus; and executing wireless communication for which a connection is established by distributing an IP address to an external apparatus, wherein in a case where the wireless communication is executed, the set IP filter is not used.
 18. A non-transitory computer-readable storage medium storing a program for causing a computer to execute each step of the method of controlling a communication apparatus, the method comprising: setting an IP filter to use in communication with an external apparatus; and executing wireless communication for which a connection is established by distributing an IP address to an external apparatus, wherein in a case where the wireless communication is executed, the set IP filter is not used. 